<?php
//include_once $_SERVER['DOCUMENT_ROOT']."/math-videos/configure.inc.php";
if(!isset($valid_controller)||$valid_controller===false)
{
  return;
}

//authertication user

$sqltext="select id as user_id , institute_id from users  WHERE username=? and password=?";
$params = array();

array_push($params,sql_escape($username));
array_push($params,sql_escape($password));
$result = db_select_query($conn2,$sqltext,$params);
$user_id='';
$institute_id='';
while($row = db_fetch_array($result))
{
	$user_id = $row['user_id'];
	$institute_id = $row['institute_id'];
}

if($user_id =='')
{
	//echo "HTTP/1.1 401 <br />";
	//echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
	header('HTTP/1.1 401 Authorization Required');
//	echo "Location: https://api.mathinstitutes.org/metadata/v1/asset/2341<br />";
	echo "{\"error\": \"Authorization Required.\"}";
}
else
{
	$id= $assetID;
  $sqltext="select title
										from asset WHERE id=? and institute_id=?";
	$params = array();
	//echo "sqltext=$sqltext<bR>";
	//exit();
	array_push($params,sql_escape($id));
	array_push($params,sql_escape($institute_id));
	$result = db_select_query($conn,$sqltext,$params);
	
	if(db_num_rows($result)<1)
	{
		//echo "Error 404 AssetId Not Found!";
	//	echo "HTTP/1.1 404, 403 <br />";
	    header('HTTP/1.1 404, 403. Asset Not Found or Insufficient Permissions');
		/*header('HTTP/1.1 403,404. Specified Asset is not owned by authenticated user and cannot be deleted, or Asset Not Found Specified Asset was not found in the catalog.');*/
  	//echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
		echo "{\"error\": \"Asset Not Found OR Insufficient Permissions.\"}";
	}
	else
	{
		$update_flag= false;			
		
		while($row = db_fetch_object($result))
		{
			foreach ($row as $key => $value) 
			{
				$update_flag= true;			
			}
		}
		if($update_flag)
		{
		//end get info
		//check required fields
	
			$statistics_sha1 ='';
			$rating=0;
			$views=0;		
			$params = array();
			$sqltext="UPDATE asset SET ";

				$sqltext .="rating =?";
				array_push($params,sql_escape($rating));
		
				$sqltext .=",views =?";
				array_push($params,sql_escape($views));
		
			$sqltext .=",statisticsSHA1 =?";
			array_push($params,sql_escape($statistics_sha1));
			
			$sqltext .=" WHERE id=?";
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
			//add to api log
			$sqltext="INSERT INTO api_logs(query,added_date,user_id, institute_id,asset_id) values( ?, ?, ?,?,?)";
			$params = array();
			array_push($params,'Delete Statistics');
			array_push($params,date("Y-m-d H:i:s"));
			array_push($params,sql_escape($user_id));
			array_push($params,sql_escape($institute_id));
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
		 // echo $id;
		// 	unset($result_array);
		//	$result_array['assetID']=$id;		
		//	$result_array['assetURL']=$site_http."metadata/v1/asset/".$id;		
		//	$result_array['statisticsSHA1']=$statistics_sha1;	
		  header('HTTP/1.1 200 OK. Successful delete statistics from asset. ');
			//echo json_encode($result_array);
		}
	}
}

?>